ee475d9960e90bf32a99728cec03f5665512fd6e2e3526ec3378bc65998b41b8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-10_d3ad8c4a08657a96b6a3c89b8fd67291_ryuk
Size

15.2MB
Sample

240510-bqsl8sdg37
MD5

d3ad8c4a08657a96b6a3c89b8fd67291
SHA1

158eaa08cb7d62564ff97dd4beab5bfd65ce6368
SHA256

ee475d9960e90bf32a99728cec03f5665512fd6e2e3526ec3378bc65998b41b8
SHA512

2926a319ac175a3274110dd623dcfea7297b6545665b5e77bceb9e028981d732a4532f64fd31191b25f9518154d71505fc9ae87d3468248355342bd8376fb829
SSDEEP

393216:Ey6mWoFLgtIGI5ShR4uwrYXI3gutN3ZWLzkn2:EyW60ttuQ2PYqtN30Q

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  2024-05-10_d3ad8c4a08657a96b6a3c89b8fd67291_ryuk
- Size
  
  15.2MB
- MD5
  
  d3ad8c4a08657a96b6a3c89b8fd67291
- SHA1
  
  158eaa08cb7d62564ff97dd4beab5bfd65ce6368
- SHA256
  
  ee475d9960e90bf32a99728cec03f5665512fd6e2e3526ec3378bc65998b41b8
- SHA512
  
  2926a319ac175a3274110dd623dcfea7297b6545665b5e77bceb9e028981d732a4532f64fd31191b25f9518154d71505fc9ae87d3468248355342bd8376fb829
- SSDEEP
  
  393216:Ey6mWoFLgtIGI5ShR4uwrYXI3gutN3ZWLzkn2:EyW60ttuQ2PYqtN30Q
Score

7^/10
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2